Newsletter

June 28th, 2017

The Problem with Running Outdated Software
Given the latest WannaCry ransomware epidemic, which infected more than 230,000 users in over 150 countries, it’s vitally important that organizations fully understand the risks associated with using out-of-date systems and software. Change can sometimes be unnerving. It requires a bit of adjusting and is oftentimes considered best avoided, especially when it comes to upgrading functioning production software. There is an understandable resistance to upgrading software where the version in use is familiar, well understood and, from a functionality standpoint, isn’t actually broken. Unfortunately, the same software is well known to hackers. They’ve had plenty of time to become well acquainted with software that’s been around for years.
OneLogin reports unauthorized access issue

Identity and access management software vendor OneLogin has reportedly suffered a security incident involving unauthorized access to customer data. According to the company’s CISO Alvaro Hoyos, it ‘detected unauthorized access to OneLogin data in our US data region’ yesterday, subsequently blocked the unauthorized access, reported the security incident to law enforcement, and is now working with an IT security firm to determine how the unauthorized access happened.
NNT Recommended Change Control Program

Controlling changes is one of the biggest challenges facing our customers. The size of the task, the process, and the coordination of effort often mean that changes continue to occur outside of any planned change approvals, and the IT team is unable to prevent this from continuing. The solution? NNT’s Managed Change Control Program.

Learn More about the NNT Change Control Program

Industroyer malware said to be linked to Kiev attack

A new kind of malware with the ability to take down an entire city’s electrical and power grid has been detected. The malware was identified after an attack on the Kiev power grid in 2016, which left the northern part of the capital without electricity. Researchers at ESET found that the malware is capable of controlling electricity substation switches and circuit breakers directly through the use of industrial communication protocols. Industroyer uses protocols in a common fashion, and its core component is a backdoor that attackers use to install and control the components. The malware then connects to a remote server in order to receive commands and reports back to the attackers.
EternalBlue exploit used in WannaCry ransomware attack

EternalBlue, the NSA cyber weapon that exploits Microsoft Windows by attacking SMB file-sharing services, was leaked by the Shadow Brokers hacker group last month and has since been used as part of the catastrophic WannaCry ransomware attack that started on May 12, 2017. This global attack is a sobering lesson in what happens when software vulnerabilities fall into the hands of criminals, but it should also serve as a wake-up call for those running out-of-date software and systems.
Honda forced to shut down plant after WannaCry infects network

As a Payment Service Provider, Unified Payments must adhere to the PCI DSS, the multifaceted security standard that includes requirements for security management, policies, procedures, and network architecture, and is intended to help organizations proactively protect customer data.
Cloud services falling behind in GDPR Migration

Researchers at Netskope have found that the majority of cloud services being used by global firms today do not meet the stringent requirements of the EU General Data Protection Regulation (GDPR). The vendor based its findings on an analysis of 23,000 cloud services by its Netskope Active Platform, which is used by hundreds of customers and millions of end users globally, between January and March 2017. They found that 67% of services reviewed did not specify that the customer owns the data in the terms of service, 90% did not support encryption of data at rest, and 41% replicated data in geographically dispersed data centers.